Sheng-Hao Ma (@aaaddress1) is currently a senior threat researcher at TXOne Networks, with over 10 years of experience in Windows reverse engineering. He is also a member of CHROOT, an information security community in Taiwan. He has served as a speaker and instructor for international conferences and organizations including Black Hat USA, DEFCON, CODE BLUE, HITB, VXCON, HITCON, ROOTCON, the Ministry of National Defense, and the Ministry of Education. He is the author of the popular security book "Windows APT Warfare: The Definitive Guide for Malware Researchers".
Bypassing signature detection is a common, general hacking technique, eh... but hackers no longer bother with it. Huh? What do you mean? If an attacker can simply turn off your whole protection, why bypass it at all ;)
In this session, we will share the new forms of tricks, observed in the wild and in the community over the past two years, that hackers are using: exploiting flaws in the standard architecture of modern anti-virus products to shut down their protection entirely. We will demonstrate seven new attack strategies: forging tokens, faking sleep mode, exploiting driver issues, and even putting the anti-virus itself in a sandbox! At the end of the session, we will explain the principles behind these attacks to help Blue Team members detect and respond to them early.
During the two years of the pandemic, many automotive companies accustomed to physical factory production gradually realized the importance of digital transformation, and how to safely and effectively manage factory robot arms from the cloud became an essential topic. Among the many communication specifications, the OPC-UA standard was shown in 2016, through a collaboration between Renault and Google, to help factories perform data exchange and PLC control management efficiently and securely, so in recent years the major car manufacturers have started adopting OPC as the foundation of their digital transformation.
However, is the OPC-UA spec really as secure as it is officially claimed to be ;)? In this session, we will share the design architecture, the security principles, and the specification-level flaws of OPC-UA that left 80% of the major-brand products on the market easily compromised.
In the face of rapidly evolving ransomware attacks in the wild, major security vendors are promoting the ability of AI to identify and defeat in-the-wild malware. But is that true? The use of AI technology against wild samples has benefits, but also unavoidable limitations.
In this session, we will return to the semantics of execution and combine it with published research on symbolic execution to design a practical symbolic engine that can automatically reverse-analyze over a thousand real ransomware samples from the wild and defeat over 95% of them! The source code of our engine will also be presented at the conference, to help vendors understand and use this semantic-aware detection approach based on a symbolic engine, which can effectively counter highly variable, obfuscated samples.